OK, tweet thread time! Too long ago I promised to write a screed explaining how much I hated mutual-auth TLS and why. I got distracted, and I wasn't happy with the writing, so here it is in tweet thread form instead! But basically: client certs and Mutual-Auth TLS are TERRIBAD.
When I say TERRIBAD, I mean that unless you've got the resources of a big security dept and folks who comb threat models for a living, using client certs and mutual auth probably materially lessens your security. That's NUTS! Let me recount the many ways.
OK, some background. Mutual Auth TLS, also called Client Auth TLS, or Client Certs, or MTLS, are all names for that crazy setup where you generate or give certificates to your clients and have them connect into your service. Seen in intranets and MySQL configs since 2000.
Let's start with the big elephant in the room: MTLS is one big GIGANTIC layering violation. Authenticating users at the channel/session/network layer... for actions that happen at a higher layer, like HTTP requests or SQL commands. How is that bad?
Well, it means that trivial security issues like SQL injection and request smuggling in HTTP headers ARE STILL THINGS IN TWO THOUSAND AND EIGHTEEN. Forget to escape a parameter and boom... the attacker can then put requests right there in your "authenticated" stream. *HEAD DESK*
Come on, people: we *give* you strongly signed requests, and SPIFFE and ISTIO still do this garbage? Drives me nuts.
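The contrast the thread draws, as an added example (this is not the author's code, and the thread names no particular signing scheme): a minimal per-request signature, where the client's MAC covers the method, path, the headers it chose to sign and a hash of the body, beside a model of a server that relies only on the mutual-auth TLS handshake. Once identity is bound to each request, a body or path that was altered after signing (the injected-request case above) fails verification; the channel-only server has nothing per request to check. The HMAC-SHA256 scheme, the demo key, the header set and the sample requests are all constructed for illustration. A real scheme also binds a timestamp or nonce and the verifier checks freshness, which this example omits.

```python
import hashlib
import hmac

# Constructed demo credential: stands in for whatever per-client signing key a
# provider issues (an assumption for this example, not something from the thread).
CLIENT_SECRET = b"demo-client-secret-not-real"


def canonical_request(method: str, path: str, headers: dict, body: bytes) -> bytes:
    """Build the byte string the signature covers: method, path, every header
    the client chose to sign (lower-cased, sorted) and a SHA-256 of the body."""
    signed = sorted((k.lower(), v.strip()) for k, v in headers.items())
    header_block = "\n".join(f"{k}:{v}" for k, v in signed)
    body_hash = hashlib.sha256(body).hexdigest()
    return f"{method.upper()}\n{path}\n{header_block}\n{body_hash}".encode()


def sign_request(secret: bytes, method: str, path: str, headers: dict, body: bytes) -> str:
    """Client side: HMAC-SHA256 over the canonical request, hex encoded."""
    mac = hmac.new(secret, canonical_request(method, path, headers, body), hashlib.sha256)
    return mac.hexdigest()


def verify_request(secret: bytes, method: str, path: str, headers: dict,
                   body: bytes, signature: str) -> bool:
    """Server side: recompute the MAC from what actually arrived and compare in
    constant time. Any change to method, path, signed headers or body fails."""
    expected = sign_request(secret, method, path, headers, body)
    return hmac.compare_digest(expected, signature)


def channel_only_accepts(peer_authenticated: bool, request_bytes: bytes) -> bool:
    """Models a server that relies solely on mutual-auth TLS: the peer
    certificate was validated at connection setup, so every byte that later
    arrives on the stream is attributed to that peer. The request contents
    are deliberately unused, because there is nothing per request to verify."""
    return peer_authenticated


# Constructed sample traffic: a legitimate request, and what reaches the
# server after an injection/smuggling bug altered the stream.
HEADERS = {
    "Host": "api.example.test",
    "X-Date": "20180101T000000Z",
    "Content-Type": "application/json",
}
BODY = b'{"action":"list","owner":"alice"}'
TAMPERED_BODY = b'{"action":"delete","owner":"*"}'


def demo() -> dict:
    """Sign one genuine request, then show what each server model accepts."""
    sig = sign_request(CLIENT_SECRET, "POST", "/items", HEADERS, BODY)
    return {
        # signature checks: only the request the client actually signed passes
        "genuine_signed": verify_request(CLIENT_SECRET, "POST", "/items", HEADERS, BODY, sig),
        "tampered_body_signed": verify_request(CLIENT_SECRET, "POST", "/items", HEADERS, TAMPERED_BODY, sig),
        "changed_path_signed": verify_request(CLIENT_SECRET, "POST", "/admin", HEADERS, BODY, sig),
        # channel-only check: the altered request rides the authenticated stream
        "tampered_channel_only": channel_only_accepts(True, TAMPERED_BODY),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

The canonicalization step is where such schemes usually go wrong in practice: both sides must agree byte for byte on which headers are signed and how they are normalized, or legitimate requests fail while a verifier that silently drops unrecognized headers lets tampered ones through.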
It's a big "we": I mean all cloud and SaaS providers, for quite a while now.